VulnerableCode Package Details - pkg:npm/tough-cookie@2.3.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-3buh-pfq7-9kf2 Aliases: GMS-2017-210	Regular Expression Denial of Service The `tough-cookie` module is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the `-DHTTP_MAX_HEADER_SIZE=` option the default header max length is kb so the impact of the ReDoS is limited to around seconds of blocking.	2.3.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-am2z-v7gj-nqch Aliases: CVE-2017-15010 GHSA-g7q5-pjjr-gqvp	Uncontrolled Resource Consumption An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.	2.3.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wjaq-7np6-z3bk Aliases: CVE-2023-26136 GHSA-72xf-g2v4-qvf3	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.	4.1.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3buh-pfq7-9kf2
Aliases:
GMS-2017-210

Regular Expression Denial of Service The `tough-cookie` module is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the `-DHTTP_MAX_HEADER_SIZE=` option the default header max length is kb so the impact of the ReDoS is limited to around seconds of blocking.

2.3.3
Affected by 1 other vulnerability.

VCID-am2z-v7gj-nqch
Aliases:
CVE-2017-15010
GHSA-g7q5-pjjr-gqvp

Uncontrolled Resource Consumption An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

2.3.3
Affected by 1 other vulnerability.

VCID-wjaq-7np6-z3bk
Aliases:
CVE-2023-26136
GHSA-72xf-g2v4-qvf3

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

4.1.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:32:50.097325+00:00	GitLab Importer	Affected by	VCID-wjaq-7np6-z3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml	38.4.0
2026-04-16T20:38:57.572284+00:00	GitLab Importer	Affected by	VCID-am2z-v7gj-nqch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml	38.4.0
2026-04-16T20:38:21.147796+00:00	GitLab Importer	Affected by	VCID-3buh-pfq7-9kf2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/GMS-2017-210.yml	38.4.0
2026-04-16T01:21:47.410103+00:00	GHSA Importer	Affected by	VCID-am2z-v7gj-nqch	https://github.com/advisories/GHSA-g7q5-pjjr-gqvp	38.4.0
2026-04-11T23:51:43.226479+00:00	GitLab Importer	Affected by	VCID-wjaq-7np6-z3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml	38.3.0
2026-04-11T21:49:43.265386+00:00	GitLab Importer	Affected by	VCID-am2z-v7gj-nqch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml	38.3.0
2026-04-11T21:49:02.218112+00:00	GitLab Importer	Affected by	VCID-3buh-pfq7-9kf2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/GMS-2017-210.yml	38.3.0
2026-04-11T12:50:48.793828+00:00	GHSA Importer	Affected by	VCID-am2z-v7gj-nqch	https://github.com/advisories/GHSA-g7q5-pjjr-gqvp	38.3.0
2026-04-02T23:54:57.148063+00:00	GitLab Importer	Affected by	VCID-wjaq-7np6-z3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml	38.1.0
2026-04-02T22:03:33.185690+00:00	GitLab Importer	Affected by	VCID-am2z-v7gj-nqch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml	38.1.0
2026-04-02T22:02:56.134659+00:00	GitLab Importer	Affected by	VCID-3buh-pfq7-9kf2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/GMS-2017-210.yml	38.1.0
2026-04-02T13:44:19.676357+00:00	GHSA Importer	Affected by	VCID-am2z-v7gj-nqch	https://github.com/advisories/GHSA-g7q5-pjjr-gqvp	38.1.0
2026-04-01T16:20:06.121082+00:00	GitLab Importer	Affected by	VCID-3buh-pfq7-9kf2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/GMS-2017-210.yml	38.0.0
2026-04-01T12:47:23.092786+00:00	GitLab Importer	Affected by	VCID-am2z-v7gj-nqch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml	38.0.0